Log analysis and evaluation: Assessment of OTL log (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.05.2011, 08:34 | #1 |
Assessment of OTL log

Good morning, yesterday I had a trojan infection of the type "TR/Kazy.mekml.1". Following the forum's instructions, I have now run Malwarebytes and deleted the infected files. I also ran otl.exe and unhide.exe. First, I wanted to ask whether anyone can recommend a free solution so that something like this does not happen again. I would also like to know whether the two OTL logs are in order, or whether I need to take further steps. Many thanks in advance. Here is the otl.txt.

OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.05.2011 08:12:59 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,09 Gb Total Space | 60,49 Gb Free Space | 41,98% Space Free | Partition Type: NTFS Drive D: | 144,00 Gb Total Space | 129,23 Gb Free Space | 89,75% Space Free | Partition Type: NTFS Computer Name: -PC | User Name: | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe PRC - [2011.05.11 17:09:56 | 003,318,784 | -H-- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe PRC - [2011.05.11 17:09:56 | 000,496,128 | -H-- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\sp_rsser.exe PRC - [2011.04.30 14:08:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.19 18:22:23 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.18 17:49:27 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe PRC - [2010.12.10 18:29:30 | 000,238,944 | 
---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe PRC - [2010.11.14 18:50:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.01.16 21:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\Mcshield.exe PRC - [2009.01.16 20:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe PRC - [2009.01.09 14:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe PRC - [2009.01.09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe PRC - [2009.01.09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe PRC - [2009.01.08 21:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe PRC - [2009.01.08 21:30:26 | 000,645,328 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.05 05:16:26 | 000,235,936 | R--- | M] (Adobe Systems, Inc.) 
-- C:\Windows\System32\Macromed\Flash\FlashUtil10a.exe PRC - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe PRC - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe PRC - [2008.05.22 10:33:54 | 000,688,128 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2008.05.13 02:13:28 | 000,085,672 | ---- | M] () -- C:\Programme\Samsung\Samsung Update Plus\SLUTrayNotifier.exe PRC - [2008.04.25 14:31:34 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2008.04.17 08:26:46 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:24:49 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe PRC - [2007.07.05 00:41:42 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe ========== Modules (SafeList) ========== MOD - [2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.05.11 17:09:56 | 000,496,128 | -H-- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv) SRV - [2011.04.30 14:08:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.19 18:22:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.09.06 18:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.01.17 08:33:02 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2009.01.16 21:03:48 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield) SRV - [2009.01.16 20:28:08 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon) SRV - [2009.01.09 14:48:02 | 000,884,360 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService) SRV - [2009.01.09 12:31:16 | 002,482,848 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2009.01.09 09:06:52 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009.01.08 21:30:26 | 000,797,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2008.05.23 07:11:56 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008.05.23 06:43:52 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2008.01.16 10:37:38 | 000,031,248 | ---- | M] (Syntek America Inc.) 
[Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv) ========== Driver Services (SafeList) ========== DRV - [2011.05.11 17:09:56 | 000,142,592 | -H-- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2011.03.19 18:22:24 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.24 16:25:52 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.01.09 13:03:40 | 000,213,640 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009.01.09 13:03:40 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009.01.09 13:03:40 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009.01.09 13:03:40 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009.01.09 13:03:06 | 000,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk) DRV - [2008.12.31 17:29:08 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.10.23 14:08:54 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP) DRV - [2008.06.25 07:26:34 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO) DRV - [2008.06.09 00:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.05.20 21:36:12 | 003,663,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.05.08 11:51:18 | 000,226,328 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R) DRV - [2008.03.28 12:19:54 | 001,363,088 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini) DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007.12.04 18:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - [2006.11.28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "https://webmail.eva.mpg.de/ox6/ox.html" FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280 FF - prefs.js..extensions.enabledItems: {C3B2959E-301D-47E5-A440-2C797569D4F6}:1.9.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 18:42:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 18:42:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Components: D:\components [2011.03.05 13:43:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Plugins: D:\plugins [2011.04.12 09:12:07 | 000,000,000 | ---D | M] [2010.02.26 01:23:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions [2010.02.26 01:23:02 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.04.15 08:53:08 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jan\AppData\Roaming\mozilla\Firefox\Profiles\psm38bn6.default\extensions [2011.04.15 08:50:53 | 000,000,873 | -H-- | M] () -- 
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\conduit.xml [2011.05.09 19:13:45 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-1.xml [2009.05.06 10:11:58 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-2.xml [2009.05.16 01:37:22 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-3.xml [2009.06.24 09:30:06 | 000,000,950 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin-4.xml [2010.06.21 16:35:24 | 000,001,042 | -H-- | M] () -- C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\searchplugins\icqplugin.xml [2011.05.10 08:41:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.03.19 09:35:13 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.10 08:41:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.02.25 11:47:46 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE} [2011.05.10 08:41:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2009.05.27 20:03:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [2011.05.11 14:51:26 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\JAN\APPDATA\LOCAL\{C3B2959E-301D-47E5-A440-2C797569D4F6} [2011.01.21 12:04:24 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.01.21 12:04:24 | 000,002,344 | ---- | M] () -- 
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.01.21 12:04:24 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.01.21 12:04:24 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.01.21 12:04:24 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Bdidomurediqatar] File not found O4 - HKCU..\Run: [Hwefutiyayiyoh] File not found O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\\PartyPoker\RunApp.exe () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: ebay.de ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: eintracht-schkeuditz.de ([www] https in Vertrauenswürdige Sites) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.186.225 192.168.0.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb 
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.12.07 17:27:18 | 000,077,893 | ---- | M] (Palm, Inc.) 
- D:\AutoDetect.dll -- [ NTFS ] O33 - MountPoints2\{5ed792f1-e56e-11dd-b592-001377aa169b}\Shell - "" = AutoRun O33 - MountPoints2\{5ed792f1-e56e-11dd-b592-001377aa169b}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{f741a02b-d74f-11dd-aa8d-001377aa169b}\Shell - "" = AutoRun O33 - MountPoints2\{f741a02b-d74f-11dd-aa8d-001377aa169b}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk - D:\Hotsync.exe - (PalmSource, Inc) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation) MsConfig - StartUpFolder: C:^Users^Jan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe - - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) MsConfig - StartUpReg: mcagent_exe - hkey= - key= - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) 
SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) 
SafeBootNet: Messenger - File not found SafeBootNet: MpfService - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: 
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - 
C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - MSh263.drv File not found Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.12 08:10:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jan\Desktop\OTL.exe [2011.05.11 22:23:21 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Roaming\Malwarebytes [2011.05.11 22:23:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.05.11 22:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.05.11 22:23:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.05.11 22:23:06 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.05.11 22:18:42 | 007,734,208 | -H-- | C] (Malwarebytes Corporation ) -- C:\Users\\mbam-setup.exe [2011.05.11 17:09:55 | 000,000,000 | -H-D | C] -- C:\Users\\AppData\Roaming\Spyware Terminator [2011.05.11 17:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator [2011.05.11 17:09:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Spyware Terminator [2011.05.11 17:09:37 | 000,000,000 | -H-D | C] -- C:\Programme\Spyware Terminator [2011.05.11 16:58:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch [2011.05.11 14:51:26 | 000,000,000 | -H-D | C] -- C:\Users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6} [2011.05.10 08:41:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras [2011.05.10 08:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.05.10 08:41:07 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2011.05.02 09:22:33 | 000,000,000 | -H-D | C] -- C:\Users\\Desktop\korrekturen ma [2011.04.30 18:41:35 | 000,000,000 | -H-D | C] -- C:\Users\\Desktop\Abschlussprüfung [2006.11.24 07:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll [2006.11.24 07:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll 
========== Files - Modified Within 30 Days ========== [2011.05.12 08:10:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe [2011.05.12 08:03:44 | 000,028,389 | ---- | M] () -- C:\Windows\System32\Config.MPF [2011.05.12 08:02:47 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.12 08:02:46 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.12 08:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.12 08:02:29 | 3215,577,088 | -HS- | M] () -- C:\hiberfil.sys [2011.05.12 00:34:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.11 22:18:53 | 007,734,208 | -H-- | M] (Malwarebytes Corporation ) -- C:\Users\\mbam-setup.exe [2011.05.11 21:22:09 | 000,000,120 | -H-- | M] () -- C:\Users\\AppData\Local\Tjavecus.dat [2011.05.11 18:00:03 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job [2011.05.11 18:00:03 | 000,000,438 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job [2011.05.11 17:09:56 | 000,142,592 | -H-- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2011.05.11 15:36:12 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6565CC11-F566-40F1-8341-08DFD6DF742B}.job [2011.05.11 14:51:27 | 000,000,000 | -H-- | M] () -- C:\Users\\AppData\Local\Ixuyefub.bin [2011.05.11 14:49:22 | 000,000,000 | -H-- | M] () -- C:\Users\\2gweorjqjutp92vjy9gake [2011.05.11 13:57:43 | 000,257,475 | -H-- | M] () -- C:\ProgramData\nvModes.dat [2011.05.11 13:57:43 | 000,257,475 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.05.05 12:01:48 | 000,770,571 | -H-- | M] () -- C:\Users\\Desktop [2011.05.02 09:24:28 | 000,686,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.02 09:24:28 | 000,643,612 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.02 09:24:28 | 
000,150,888 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.02 09:24:28 | 000,122,500 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.26 15:52:48 | 000,132,642 | -H-- | M] () -- C:\Users\\Desktop\Cooperation in Chimpanzees.pdf [2011.04.16 15:04:52 | 000,373,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.15 14:02:55 | 000,049,866 | -H-- | M] () -- C:\Users\\Desktop\ ========== Files Created - No Company Name ========== [2011.05.11 21:59:04 | 3215,577,088 | -HS- | C] () -- C:\hiberfil.sys [2011.05.11 17:09:56 | 000,142,592 | -H-- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys [2011.05.11 14:51:27 | 000,000,120 | -H-- | C] () -- C:\Users\\AppData\Local\Tjavecus.dat [2011.05.11 14:51:27 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\Ixuyefub.bin [2011.05.11 14:49:22 | 000,000,000 | -H-- | C] () -- C:\Users\\2gweorjqjutp92vjy9gake [2011.05.05 12:01:45 | 000,770,571 | -H-- | C] () -- C:\Users\\Desktop\gesamtes Dokument_umstrukturiert_kompatibel_1.pdf [2011.04.26 15:52:47 | 000,132,642 | -H-- | C] () -- C:\Users\\Desktop\Cooperation in Chimpanzees.pdf [2011.04.15 14:02:55 | 000,049,866 | -H-- | C] () -- C:\Users\\Desktop\Aushang_Prferzuordnung_2011-04-14.pdf [2010.07.15 22:48:37 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\aveficawajurija.dll [2010.07.15 16:50:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\udacubuwo.dll [2010.07.15 01:40:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\igudonotudokawas.dll [2010.07.14 23:38:39 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\useficaw.dll [2010.07.14 21:36:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\adavupilidar.dll [2010.07.14 19:34:37 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\awoyafisequpal.dll [2010.07.14 12:06:18 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\osemowemowemo.dll [2010.07.14 10:04:15 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\obuzuquf.dll [2010.07.14 00:14:00 | 
000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\enizevuladiwoxew.dll [2010.07.13 22:12:00 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\iveladolequfiraw.dll [2010.07.13 17:34:21 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\unidicuvuh.dll [2010.07.13 09:03:06 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\eyihurozecec.dll [2010.07.12 23:52:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\onunagogutagesa.dll [2010.07.12 21:50:38 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\elutulivihan.dll [2010.07.12 19:48:40 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uwuninozumah.dll [2010.07.12 18:17:20 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ogoqubef.dll [2010.07.12 13:21:56 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\orayuliw.dll [2010.07.12 11:19:57 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uxesukas.dll [2010.07.12 07:15:58 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ezojatazalebinur.dll [2010.07.12 00:24:32 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\etoyojomuc.dll [2010.07.11 22:22:31 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\osetufumul.dll [2010.07.11 20:20:32 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\uzabeguy.dll [2010.07.11 18:18:35 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\afejilil.dll [2010.07.11 09:58:47 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\etosonocesofihut.dll [2010.07.11 07:56:48 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ajazavoh.dll [2010.07.11 05:54:48 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ivobeyitamewiga.dll [2010.07.10 20:32:05 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\oyemexizodulip.dll [2010.07.10 18:30:13 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ufolikolakefuper.dll [2010.07.10 12:44:04 | 000,000,000 | -H-- | C] () -- C:\Users\\AppData\Local\ihomucorojewujo.dll [2010.07.10 10:53:23 | 000,000,000 | -H-- | C] 
() -- C:\Users\\AppData\Local\ociliyojoqo.dll [2010.04.30 11:28:53 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.04.26 22:40:05 | 000,000,032 | --S- | C] () -- C:\Users\\AppData\Local\886739347.dat [2009.05.29 18:57:21 | 000,001,372 | ---- | C] () -- C:\Windows\System32\dmlg.dat [2009.05.23 13:27:53 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth2.dll [2009.05.23 13:27:53 | 000,001,024 | -H-- | C] () -- C:\Windows\System32\grcauth1.dll [2009.05.23 13:27:53 | 000,000,100 | -H-- | C] () -- C:\Windows\System32\prsgrc.dll [2009.05.23 13:20:31 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2009.05.23 13:20:31 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2009.05.22 12:19:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2008.12.25 00:45:54 | 000,027,648 | -H-- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.24 19:07:21 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.12.24 19:07:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.06.26 13:37:16 | 000,686,620 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.06.26 13:37:16 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.06.26 13:37:16 | 000,150,888 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.06.26 13:37:16 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.06.26 13:26:52 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.06.25 23:08:18 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.06.25 07:48:51 | 000,000,684 | ---- | C] () -- C:\Windows\HotFixList.ini [2008.06.25 07:36:36 | 000,257,475 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.06.25 07:36:12 | 000,257,475 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2008.06.25 07:30:52 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2008.06.25 07:30:30 | 
000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini [2008.06.25 07:30:30 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini [2008.06.25 07:23:34 | 000,172,032 | ---- | C] () -- C:\Windows\System32\nvccoin.dll [2008.06.25 07:22:17 | 000,080,400 | ---- | C] () -- C:\Windows\StkUnist.exe [2008.06.25 07:22:16 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys [2008.06.25 07:18:10 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IhDEV.exe [2008.06.25 07:18:10 | 000,024,576 | ---- | C] () -- C:\Windows\System32\IhINF.exe [2008.02.09 18:03:07 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\Marker.exe [2007.02.26 09:49:12 | 006,139,774 | ---- | C] () -- C:\Windows\System32\imagine digital freedom.dat [2007.02.15 09:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll [2006.11.29 10:00:30 | 000,045,056 | ---- | C] () -- C:\Windows\System32\MAWebControl.exe [2006.11.29 10:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,373,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,643,612 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,122,500 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- 
C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.09 03:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll [2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2010.02.25 12:37:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Academic Software Zurich [2009.06.07 17:37:05 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Bullzip [2010.12.02 14:29:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Canneverbe Limited [2008.12.31 17:28:40 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DAEMON Tools [2011.05.12 00:29:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Desktopicon [2009.01.26 18:01:53 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DriverCure [2011.03.04 12:20:15 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.22 14:18:41 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\HotSync [2011.05.11 15:13:09 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\ICQ [2009.06.24 18:31:20 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Leadertech [2010.04.30 11:59:55 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\lowsec [2011.05.11 21:27:04 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Spyware Terminator [2010.02.26 01:22:55 | 000,000,000 | -H-D | M] -- C:\Users\AppData\Roaming\Thunderbird [2009.07.06 17:19:17 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Toolbars [2009.06.28 22:13:39 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\VoipDiscount [2010.12.01 14:26:37 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\DriverCure.job [2010.07.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job [2010.12.01 02:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job [2011.05.11 18:00:03 | 000,000,438 | ---- | M] () -- 
C:\Windows\Tasks\ParetoLogic Registration.job [2011.05.11 18:00:03 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job [2010.11.30 02:47:04 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version2.job [2011.05.12 00:34:11 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.05.11 15:36:12 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{6565CC11-F566-40F1-8341-08DFD6DF742B}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.25 12:37:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Academic Software Zurich [2011.05.11 14:49:22 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Adobe [2011.02.09 13:15:42 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Apple Computer [2009.06.24 18:34:30 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Arcsoft [2010.04.30 12:01:13 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Avira [2009.06.07 17:37:05 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Bullzip [2010.12.02 14:29:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Canneverbe Limited [2008.12.31 17:28:40 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DAEMON Tools [2011.05.12 00:29:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Desktopicon [2010.05.24 17:09:00 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DivX [2009.01.26 18:01:53 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DriverCure [2011.01.10 23:11:56 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\dvdcss [2011.03.04 12:20:15 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\DVDVideoSoftIEHelpers [2010.03.22 14:18:41 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\HotSync [2011.05.11 15:13:09 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\ICQ [2008.12.24 18:12:25 | 000,000,000 | -H-D | 
M] -- C:\Users\\AppData\Roaming\Identities [2010.02.08 10:27:32 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Intel [2009.06.24 18:31:20 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Leadertech [2010.04.30 11:59:55 | 000,000,000 | -HSD | M] -- C:\Users\\AppData\Roaming\lowsec [2008.12.24 18:34:23 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Macromedia [2011.05.11 22:23:21 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Media Center Programs [2011.01.11 11:06:44 | 000,000,000 | --SD | M] -- C:\Users\\AppData\Roaming\Microsoft [2009.01.04 15:20:21 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Mozilla [2010.06.01 19:41:58 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Mozilla-Cache [2011.05.11 15:38:24 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Skype [2011.05.11 15:37:54 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\skypePM [2011.05.11 21:27:04 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Spyware Terminator [2010.02.26 01:22:55 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Thunderbird [2009.07.06 17:19:17 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\Toolbars [2009.01.16 00:02:55 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\vlc [2009.06.28 22:13:39 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\VoipDiscount [2009.01.26 18:06:13 | 000,000,000 | -H-D | M] -- C:\Users\\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2009.01.14 22:31:29 | 001,887,176 | -H-- | M] (Adobe Systems Incorporated) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe [2011.02.14 13:42:14 | 002,832,544 | -H-- | M] (Adobe Systems, Inc.) -- C:\Users\Jan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) 
-- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\BluetoothShortcut.exe [2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\BluetoothShortcut_ITA.exe [2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut5.exe [2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut5_2.exe [2009.06.24 18:26:34 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{B1D78321-7AB1-45A7-A084-885AF75B8F3D}\NewShortcut8.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 
C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2008.05.07 10:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys [2008.06.16 14:38:28 | 000,396,312 | ---- | M] (Intel Corporation) MD5=DB0C1076AB442C09D2A3AB0410DBEA0D -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.06.16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.06.16 14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Windows\System32\drivers\iaStor.sys [2008.06.16 
14:38:10 | 000,318,488 | ---- | M] (Intel Corporation) MD5=F263A9036F8897FFA2AE54685E03AD60 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3506096f\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 
04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- 
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.12.31 17:29:08 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV 
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011.02.18 17:45:03 | 000,193,024 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
< >

========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

and the extras.txt
OTL Logfile:
Code:
OTL Extras logfile created on: 12.05.2011 08:12:59 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,09 Gb Total Space | 60,49 Gb Free Space | 41,98% Space Free | Partition Type: NTFS
Drive D: | 144,00 Gb Total Space | 129,23 Gb Free Space | 89,75% Space Free | Partition Type: NTFS
Computer Name: JAN-PC | User Name: Jan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CE4A6A-F06F-4366-AE9B-6E70BB89DE0B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{09B82570-3BB2-402A-AABE-D38A6B9C3822}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D8A82E3-FB25-467E-B5A7-30BE3D0DC581}" = lport=138 | protocol=17 | dir=in | app=system |
"{173F39C8-37A0-4F3F-86C0-D34CAB4451D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C69006A-2E0E-4382-93CB-948BFEF8FB41}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2788C89C-A771-4FE5-A147-51E6F92210B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C661C94-A73C-4682-93F7-E6C0F9A26A1B}" = rport=138 | protocol=17 | dir=out | app=system |
"{32DDD508-5184-4D9A-9121-D4E6C8228179}" = rport=137 | protocol=17 | dir=out | app=system |
"{584342B5-BC81-409A-B236-17278483CD02}" = rport=139 | protocol=6 | dir=out | app=system |
"{5DA0A055-2572-4B08-AEB9-8B7F5BC99828}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A3EC03EB-F404-4C85-A112-C926F3C1601C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A75C3297-EC91-4445-BDAC-B0500CEF650E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AA31B417-EE46-4EFF-8885-12524BD02158}" = lport=139 | protocol=6 | dir=in | app=system |
"{B6129F98-5342-4BD7-A045-2C3D171406AB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C72611AF-2000-49D5-B768-91B00989F67D}" = lport=rpc | protocol=6 | dir=in | svc=spooler |
app=%systemroot%\system32\spoolsv.exe | "{D8AC4681-D0AD-47B1-8D2F-A2C27617607C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DCAB2756-7503-4795-A1B6-FF834279B9B5}" = lport=445 | protocol=6 | dir=in | app=system | "{E774DC70-4AC2-479C-B161-FC99184EE300}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{EE8ADA95-22C5-4DC6-84AA-9D36EA4DBFA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F40EB487-BC14-43AB-84BA-E8ADF8011404}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{16E42212-A15C-48CE-9073-508FEAEFE664}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{20F2D4B7-19A5-40A8-9291-F0879CBE9A2F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{21D7F792-EAA0-4AA6-B5C6-9253918B18B9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{281EB8C8-643F-4D98-BDAC-8D05A552D952}" = dir=in | app=d:\itunes.exe | "{2A8F1A49-2850-47AB-973E-E11E73AF44DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2CF5B874-02FD-4478-8C89-5818B91AC8E1}" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe | "{30F3FA6C-0344-4AF4-8A9F-5C5E55244046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{35840F05-D87F-4E77-97FE-A5E8CC03AA01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{3A6474B3-ECBB-4689-96FF-F219E59BD076}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{3C4F0119-CFB6-419D-B9DF-24AD0F821FF6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{4380B52E-A787-4603-B21F-5B24E7DB0A85}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{445749A4-9740-4F97-97A0-30B63B13257B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4A6A3898-B9AA-4043-9676-76A9592FA5BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{4BC170A8-5160-4FFB-A6A3-2201BBB02492}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{4CEA9209-D265-4DC4-BEF2-ED3342489566}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4D9A4AE1-138F-4A3E-8873-6662FA533DA5}" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe | "{649876CF-55C5-4A59-B13F-CF0F09DFEB72}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{66524954-1A7D-4521-9E16-CAB4A754C040}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6C3A9DE7-C491-40DD-914B-711BEBDE37EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8A838FA0-C956-4EA6-9F9F-6A48CF5B82FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8B363943-F519-4943-88A3-C62E618978B6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{9EE09123-FC48-4462-A1B9-ACA39B7D3CE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B3C5D727-2D1F-4BEB-BAE5-3FBBF06FC7BB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BC00ECA8-E002-43F2-82CF-89BDDDA5A2C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C30F3283-D4EC-48E8-8444-4A18B0D56BC1}" = protocol=6 | dir=out | app=system | "{C5B226B3-994D-4D8B-9E9F-CD7741B7F5FA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D449E915-CCCB-415F-998E-929C10BCC103}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{D97A9791-AC34-40BA-AFE0-50961854AF61}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{E88E1CC0-09DE-492B-B589-34F587550CE6}" = protocol=6 | dir=in | app=c:\program 
files\icq7.2\aolload.exe | "{ED7BA02F-87B6-4115-AA41-66918D696096}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{FB7FB1F5-6B68-43B2-8843-4CAB94688883}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{22ADB944-B67E-4388-85BC-338DF4F4341C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{3E71F2AB-8143-47D8-A547-F66AA69C3C2D}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "TCP Query User{408E1988-6D15-424C-96FF-D9EF96471740}D:\hotsync.exe" = protocol=6 | dir=in | app=d:\hotsync.exe | "TCP Query User{40AC4BD8-B0F0-4897-8876-F4A12EAFD6FB}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "TCP Query User{6D6B22E1-3F93-4F66-BE36-84197EBAF7CF}D:\hotsync.exe" = protocol=6 | dir=in | app=d:\hotsync.exe | "TCP Query User{8721F485-62E5-46DB-B40A-0460E2163EA2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{9DF7F28C-F068-4F21-99C9-315E5984801F}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=6 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe | "TCP Query User{9E5B76CC-0CB6-4803-9799-83B48A3A68E7}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{AD5105DD-7E38-41D5-ABC6-285E61612EDB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{373D7826-9BB6-4B0D-81DA-83CBC64B18C0}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{385D0C3C-C9BF-4AAE-AB00-35FEEEE51B7F}C:\windows\explorer.exe" = protocol=17 | dir=in | 
app=c:\windows\explorer.exe | "UDP Query User{47FADEE7-4440-4D03-8F1E-705760EE965F}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "UDP Query User{68E6AE18-B636-4F7E-8D91-75B7ED3A6B35}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | "UDP Query User{CE1BE129-7050-4F91-8A2F-DA1230557270}D:\hotsync.exe" = protocol=17 | dir=in | app=d:\hotsync.exe | "UDP Query User{D5604953-DFDC-404D-9B26-4353384C0D3C}D:\hotsync.exe" = protocol=17 | dir=in | app=d:\hotsync.exe | "UDP Query User{D82358CE-F86D-4F9A-923D-5F05DF9E444F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{E8D8381F-920C-4793-9B2D-E9E7F477184B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{F0CDC56D-1B83-4C1E-8AC6-B2295AFDEB7D}C:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe" = protocol=17 | dir=in | app=c:\program files\voipdiscount.com\voipdiscount\voipdiscount.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung "{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300 "{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) "{090962E2-4BE8-4A8A-86B0-7A5ED31C1273}" = USB2.0 UVC WebCam "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter 
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E0D8F69-A6AB-4934-9B2D-159D9F97BA4A}" = ParetoLogic DriverCure "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13 "{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor "{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2 "{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP 
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components "{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3 "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A8DB611A-D80E-450D-85F6-3ACDD164BE31}" = "{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components "{A96E97134CA649888820BCDE5E300BBD}" = H.264 
Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BA5F3E0E-8F3E-47BD-88E4-AD3EB5225F51}" = Intel(R) PROSet/Wireless WiFi-Software "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Agere Systems Soft Modem" = Agere Systems HDA Modem "Audiograbber" = Audiograbber 1.83 SE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Bullzip PDF Printer_is1" = Bullzip PDF Printer 6.0.0.766 "Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2 "CameraWindowDC" = Canon Utilities CameraWindow DC "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon 
Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "CCleaner" = CCleaner "Citavi" = Citavi 2.5 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON Printer and Utilities" = EPSON-Drucker-Software "EPSON Scanner" = EPSON Scan "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324 "GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64 "ICQToolbar" = ICQ Toolbar "InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0 "InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus "InstallShield_{7B46F9CF-CF60-492E-816E-95EB1A9D1BB4}" = Play Camera "InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17) "MSC" = McAfee SecurityCenter "MyCamera" = Canon Utilities MyCamera "MyCameraDC" = Canon Utilities MyCamera DC "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "PokerStars" = PokerStars "ProInst" = Intel PROSet Wireless "PROPLUS" = Microsoft Office Professional Plus 2007 "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows "SecureW2 TTLS Client" = SecureW2 TTLS Client 3.3.3 for Windows "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Spyware Terminator_is1" = Spyware Terminator 
"SynTPDeinstKey" = Synaptics Pointing Device Driver "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 0.9.8a "VoipDiscount_is1" = VoipDiscount "WinRAR archiver" = WinRAR "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Mixxx (1.8.2)" = Mixxx 1.8.2 ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
Last edited by bärtiger (12.05.2011 at 08:40) |
12.05.2011, 10:34 | #2 |
/// Malware-holic | Assessment of OTL log Yeah, at the very least keep your Windows and the installed programs up to date :-)
But: I would have liked to see all the Malwarebytes logs, which can be found in Malwarebytes under log files.
__________________ |
12.05.2011, 10:43 | #3 |
| Assessment of OTL log Hello Markus,
here are the malware logs. Thanks in advance for your answer.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6557
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
12.05.2011 00:29:24
mbam-log-2011-05-12 (00-29-24).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303008
Laufzeit: 2 Stunde(n), 1 Minute(n), 19 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 15
Infizierte Speicherprozesse:
c:\programdata\nmpssakhhnawe.exe (Rogue.Installer.Gen) -> 2648 -> Unloaded process successfully.
Infizierte Speichermodule:
c:\Users\\AppData\Local\mcatxib.dll (Tro.Hiloti) -> Delete on reboot.
c:\Users\\AppData\Local\ixujifoh.dll (Tro.Agent.U) -> Delete on reboot.
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Hwefutiyayiyoh (Tro.Hiloti) -> Value: Hwefutiyayiyoh -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NMpsSakHhNAWe (Rogue.Installer.Gen) -> Value: NMpsSakHhNAWe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Tro.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Bdidomurediqatar (Tro.Agent.U) -> Value: Bdidomurediqatar -> Delete on reboot.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
c:\programdata\13688733 (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\Recycle.Bin (Tro.Spyeyes) -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\Users\\AppData\Local\mcatxib.dll (Tro.Hiloti) -> Delete on reboot.
c:\programdata\nmpssakhhnawe.exe (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\0.10605338910302353.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\0.23062796517450623.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\0.6699041339626213.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\\AppData\LocalLow\Sun\Java\deployment\cache\6.0\14\884358e-4079b667 (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\Adobe\plugs\mmc23240342.txt (Rogue.Installer.Gen) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\desktopicon\ebayshortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\programdata\sysreserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
c:\Recycle.Bin\recycle.bin.exe (Tro.SpyEyes) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\Adobe\plugs\mmc104.exe (Tro.Agent) -> Quarantined and deleted successfully.
c:\Users\\AppData\Roaming\Adobe\plugs\mmc88.exe (Tro.Agent) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\ixujifoh.dll (Tro.Agent.U) -> Delete on reboot.
c:\Recycle.Bin\config.bin (Tro.Spyeyes) -> Quarantined and deleted successfully. |
12.05.2011, 10:49 | #4 |
/// Malware-holic | Assessment of OTL log I don't like that at all. Do you do online banking, shopping or anything else important with the PC? Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
12.05.2011, 11:13 | #5 |
| Assessment of OTL log Yes, I do shopping etc. over the internet. What does that mean for me? By the way, I have now downloaded a trial version of F-Secure Internet Security; does that make sense? Here is the log from ComboFix Combofix Logfile: Code:
ATTFilter ComboFix 11-05-11.02 - 12.05.2011 11:59:09.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.1112 [GMT 2:00] ausgeführt von:: c:\users\\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\pokerstars\PokerStars.exe c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6} c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}\chrome.manifest c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}\chrome\content\_cfg.js c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}\chrome\content\overlay.xul c:\users\\AppData\Local\{C3B2959E-301D-47E5-A440-2C797569D4F6}\install.rdf c:\users\\AppData\Roaming\Adobe\plugs c:\users\\AppData\Roaming\Adobe\plugs\mmc23289233.txt c:\users\\AppData\Roaming\Adobe\shed c:\users\\AppData\Roaming\Adobe\shed\thr1.chm c:\users\\AppData\Roaming\Desktopicon c:\users\\AppData\Roaming\Desktopicon\config.ini c:\users\\mbam-setup.exe c:\users\Public\mbam-setup.exe c:\users\Public\SpywareTerminator282Setup.exe D:\install.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-04-12 bis 2011-05-12 )))))))))))))))))))))))))))))) . . 2011-05-12 09:55 . 2011-05-12 09:56 -------- d-----w- c:\program files\F-Secure 2011-05-12 09:52 . 2011-05-12 09:54 -------- d-----w- c:\programdata\fssg 2011-05-12 09:51 . 2011-05-12 09:54 -------- d-----w- c:\programdata\f-secure 2011-05-11 20:23 . 2011-05-11 20:23 -------- d-----w- c:\users\\AppData\Roaming\Malwarebytes 2011-05-11 20:23 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-11 20:23 . 2011-05-11 20:23 -------- d-----w- c:\programdata\Malwarebytes 2011-05-11 20:23 . 2011-05-11 20:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-11 20:23 . 
2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-11 15:09 . 2011-05-12 09:54 -------- d-----w- c:\program files\Spyware Terminator 2011-05-11 14:58 . 2011-05-11 14:58 -------- d-----w- c:\programdata\WindowsSearch 2011-05-11 12:51 . 2011-05-11 12:51 0 ----a-w- c:\users\\AppData\Local\Ixuyefub.bin 2011-05-11 06:31 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-05-10 06:41 . 2011-05-10 06:42 -------- d-----w- c:\programdata\Skype Extras 2011-05-10 06:41 . 2011-05-10 06:41 -------- d-----w- c:\program files\Common Files\Skype 2011-05-10 06:18 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8375DDE5-D475-4D15-9497-A45B58912545}\mpengine.dll 2011-04-28 06:02 . 2011-03-03 14:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-28 06:02 . 2011-03-03 13:01 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-15 14:39 . 2011-04-15 14:39 1090952 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-03 14:56 . 2011-04-28 06:02 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 14:56 . 2011-04-28 06:02 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 14:56 . 2011-04-28 06:02 541696 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 14:56 . 2011-04-28 06:02 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-08 13543968] "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-07-09 199264] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk backup=c:\windows\pss\BTTray.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk backup=c:\windows\pss\HotSync Manager.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup backupExtension=.CommonStartup . [HKLM\~\startupfolder\C:^Users^^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe] path=c:\users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe backup=c:\windows\pss\PowerReg Scheduler.exe.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ] 2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)] 2010-12-20 16:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe] 2009-01-08 19:30 645328 ------w- c:\program files\McAfee.com\Agent\mcagent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2008-06-08 22:23 92704 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar] 2008-01-21 02:23 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2009-05-27 18:03 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] 2007-10-26 05:39 1029416 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 . 
R2 0151251305193992mcinstcleanup;McAfee Application Installer Cleanup (0151251305193992);c:\users\\AppData\Local\Temp\015125~1.EXE [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896] S0 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [2008-05-08 226328] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-31 717296] S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096] S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-06-25 13312] S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2008-01-16 31248] S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-05-20 3663360] S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2008-03-28 1363088] S4 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - avipbb *Deregistered* - ssmdrv . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ . Inhalt des "geplante Tasks" Ordners . 2010-12-01 c:\windows\Tasks\DriverCure.job - c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57] . 2011-05-11 c:\windows\Tasks\ParetoLogic Registration.job - c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36] . 
2011-05-11 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30] . 2010-11-30 c:\windows\Tasks\ParetoLogic Update Version2.job - c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36] . 2011-05-11 c:\windows\Tasks\User_Feed_Synchronization-{6565CC11-F566-40F1-8341-08DFD6DF742B}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://start.icq.com/ uInternet Settings,ProxyOverride = *.local IE: &Citavi Picker... - file://c:\program files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Free YouTube to MP3 Converter - c:\users\\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: ebay.de\www Trusted Zone: eintracht-schkeuditz.de\www FF - ProfilePath - c:\users\\AppData\Roaming\Mozilla\Firefox\Profiles\psm38bn6.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxps://webmail.eva.mpg.de/ox6/ox.html FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
MSConfigStartUp-Bdidomurediqatar - c:\users\\AppData\Local\ixujifoh.dll MSConfigStartUp-Hwefutiyayiyoh - c:\users\\AppData\Local\mcatxib.dll MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-05-12 12:06 Windows 6.0.6001 Service Pack 1 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2011-05-12 12:08:49 ComboFix-quarantined-files.txt 2011-05-12 10:08 . Vor Suchlauf: 12 Verzeichnis(se), 63.300.419.584 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 63.097.098.240 Bytes frei . - - End Of File - - 714213EAA9B354DD10EB1C72824B0FB2 |
12.05.2011, 12:12 | #6 |
/// Malware-holic | Assessment of OTL log |
12.05.2011, 13:01 | #7 |
| Assessment of OTL log Here it is. GMER Logfile: Code:
ATTFilter GMER 1.0.15.15627 - hxxp://www.gmer.net Rootkit scan 2011-05-12 13:59:33 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 FUJITSU_ rev.0000 Running: snx8mips.exe; Driver: C:\Users\\AppData\Local\Temp\uwldypow.sys ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spms.sys Das System kann den angegebenen Pfad nicht finden. ! .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91806340, 0x3E9407, 0xE8000020] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd65b4f Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4cd6642e Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0xAC 0x81 0x33 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0xBE 0x4E 0xDC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x7E 0x19 0xF8 ... 
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd3e0d6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd65b4f (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4cd6642e (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB3 0xAC 0x81 0x33 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0xBE 0x4E 0xDC ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x97 0x7E 0x19 0xF8 ... 
---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 MBR read error Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0 ---- Files - GMER 1.0.15 ---- File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BEE.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BEF.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF0.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF1.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF2.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF3.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF4.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF5.log 0 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS05BF6.log 131072 bytes ---- EOF - GMER 1.0.15 ---- |
12.05.2011, 14:10 | #8 |
/// Malware-holic | Assessment of OTL log Download MBRCheck to the desktop: http://ad13.geekstogo.com/MBRCheck.exe Right-click it and run it as administrator. A log is created on the desktop; post its contents.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
12.05.2011, 14:19 | #9 |
| Assessment of OTL log MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 1 (build 6001), 32-bit Base Board Manufacturer: SAMSUNG ELECTRONICS CO., LTD. BIOS Manufacturer: Phoenix Technologies Ltd. System Manufacturer: SAMSUNG ELECTRONICS CO., LTD. System Product Name: R560 Logical Drives Mask: 0x0000003c Kernel Drivers (total 146): 0x8481C000 \SystemRoot\system32\ntoskrnl.exe 0x84BC7000 \SystemRoot\system32\hal.dll 0x8C409000 \SystemRoot\system32\kdcom.dll 0x8C411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x8C471000 \SystemRoot\system32\PSHED.dll 0x8C482000 \SystemRoot\system32\BOOTVID.dll 0x8C48A000 \SystemRoot\system32\CLFS.SYS 0x8C4CB000 \SystemRoot\system32\CI.dll 0x8C5AB000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8C627000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8C634000 \SystemRoot\System32\Drivers\spms.sys 0x8C734000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x8C73D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x8C763000 \SystemRoot\system32\drivers\acpi.sys 0x8C7A9000 \SystemRoot\system32\drivers\msisadrv.sys 0x8C7B1000 \SystemRoot\system32\drivers\pci.sys 0x8C7D8000 \SystemRoot\System32\drivers\partmgr.sys 0x8C7E7000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x8C7EA000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x8C809000 \SystemRoot\system32\drivers\volmgr.sys 0x8C818000 \SystemRoot\System32\drivers\volmgrx.sys 0x8C862000 \SystemRoot\System32\drivers\mountmgr.sys 0x8C872000 \SystemRoot\system32\DRIVERS\iaStor.sys 0x8C942000 \SystemRoot\system32\DRIVERS\iaNvStor.sys 0x8C98A000 \SystemRoot\system32\drivers\atapi.sys 0x8C992000 \SystemRoot\system32\drivers\ataport.SYS 0x8C9B0000 \SystemRoot\system32\drivers\fltmgr.sys 0x8C9E2000 \SystemRoot\system32\drivers\fileinfo.sys 0x8C9F2000 \SystemRoot\System32\Drivers\ksecdd.sys 0x8CA63000 \SystemRoot\system32\drivers\ndis.sys 0x8CB6E000 \SystemRoot\system32\drivers\msrpc.sys 0x8CB99000 \SystemRoot\system32\drivers\NETIO.SYS 
0x8CC03000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8CD12000 \SystemRoot\system32\drivers\volsnap.sys 0x8CD4B000 \SystemRoot\System32\Drivers\spldr.sys 0x8CD53000 \SystemRoot\System32\Drivers\mup.sys 0x8CD62000 \SystemRoot\System32\drivers\ecache.sys 0x8CD89000 \SystemRoot\system32\drivers\disk.sys 0x8CD9A000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8CDBB000 \SystemRoot\system32\drivers\crcdisk.sys 0x8CEA1000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8CEAC000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x91806000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x91F33000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x91FD2000 \SystemRoot\System32\drivers\watchdog.sys 0x91FDF000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8CEB5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x91FEA000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x8CEF3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x91009000 \SystemRoot\system32\DRIVERS\NETw5v32.sys 0x91391000 \SystemRoot\system32\DRIVERS\yk60x86.sys 0x913DD000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x913E1000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x913F4000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x8CF05000 \SystemRoot\system32\DRIVERS\SynTP.sys 0x91000000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x8CF33000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x8CF3E000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x91002000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys 0x8CF56000 \SystemRoot\System32\Drivers\a2ph0vaa.SYS 0x8CF8D000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8CF9C000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x92806000 \SystemRoot\system32\DRIVERS\storport.sys 0x92847000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x92852000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x92869000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x92874000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x92897000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x928A6000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x928BA000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x928CF000 
\SystemRoot\system32\DRIVERS\termdd.sys 0x928DF000 \SystemRoot\system32\DRIVERS\swenum.sys 0x928E1000 \SystemRoot\system32\DRIVERS\ks.sys 0x9290B000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x92915000 \SystemRoot\system32\DRIVERS\umbus.sys 0x92922000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x92956000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x92967000 \SystemRoot\system32\drivers\RTKVHDA.sys 0x92B67000 \SystemRoot\system32\drivers\portcls.sys 0x92B94000 \SystemRoot\system32\drivers\drmk.sys 0x92BB9000 \SystemRoot\system32\drivers\HdAudio.sys 0x8CFCA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0x92BF8000 \SystemRoot\System32\Drivers\Null.SYS 0x91FF9000 \SystemRoot\System32\Drivers\Beep.SYS 0x8CFD3000 \SystemRoot\System32\drivers\vga.sys 0x8CFDF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x8CBD3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x8CBDB000 \SystemRoot\system32\drivers\rdpencdd.sys 0x8CBE3000 \SystemRoot\System32\Drivers\Msfs.SYS 0x8CBEE000 \SystemRoot\System32\Drivers\Npfs.SYS 0x8C800000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x93407000 \SystemRoot\System32\drivers\tcpip.sys 0x934F0000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x9350B000 \SystemRoot\system32\DRIVERS\tdx.sys 0x93521000 \SystemRoot\system32\DRIVERS\smb.sys 0x93535000 \SystemRoot\system32\drivers\afd.sys 0x9357D000 \SystemRoot\System32\DRIVERS\netbt.sys 0x935AF000 \SystemRoot\system32\DRIVERS\pacer.sys 0x935C5000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x935CE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0x935DE000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x935E5000 \SystemRoot\system32\DRIVERS\netbios.sys 0x935F3000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x93606000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x93642000 \SystemRoot\system32\DRIVERS\mouhid.sys 0x9364A000 \SystemRoot\system32\drivers\nsiproxy.sys 0x93654000 \SystemRoot\System32\Drivers\dfsc.sys 0x9366B000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x93682000 \SystemRoot\System32\Drivers\StkCMini.sys 0x94806000 
\SystemRoot\System32\Drivers\StkCPipe.sys 0x9545C000 \SystemRoot\System32\Drivers\StkCSF.sys 0x9548B000 \SystemRoot\System32\Drivers\crashdmp.sys 0x95498000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x9B010000 \SystemRoot\System32\win32k.sys 0x95568000 \SystemRoot\System32\drivers\Dxapi.sys 0x95572000 \SystemRoot\system32\DRIVERS\monitor.sys 0x9B230000 \SystemRoot\System32\TSDDD.dll 0x9B250000 \SystemRoot\System32\cdd.dll 0x95581000 \SystemRoot\system32\drivers\luafv.sys 0x9559C000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys 0x955A4000 \SystemRoot\system32\drivers\spsys.sys 0x95653000 \SystemRoot\system32\DRIVERS\lltdio.sys 0x95663000 \SystemRoot\system32\DRIVERS\nwifi.sys 0x9568D000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0x95697000 \SystemRoot\system32\DRIVERS\rspndr.sys 0x956AA000 \SystemRoot\system32\drivers\HTTP.sys 0x95717000 \SystemRoot\System32\DRIVERS\srvnet.sys 0x95734000 \SystemRoot\system32\DRIVERS\bowser.sys 0x9574D000 \SystemRoot\System32\drivers\mpsdrv.sys 0x95762000 \SystemRoot\system32\drivers\mrxdav.sys 0x95782000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0x957A1000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0x957DA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0x937CE000 \SystemRoot\System32\DRIVERS\srv2.sys 0x8CDC4000 \SystemRoot\System32\DRIVERS\srv.sys 0xA7400000 \SystemRoot\system32\drivers\peauth.sys 0xA74DE000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA74E8000 \SystemRoot\System32\drivers\tcpipreg.sys 0xA74F4000 \SystemRoot\system32\DRIVERS\cdfs.sys 0xA750A000 \??\C:\Users\\AppData\Local\Temp\uwldypow.sys 0xA7523000 \SystemRoot\system32\DRIVERS\tmcomm.sys 0xA7557000 \SystemRoot\system32\DRIVERS\tmevtmgr.sys 0xA7569000 \SystemRoot\system32\DRIVERS\tmactmon.sys 0xA7586000 \SystemRoot\system32\DRIVERS\tmtdi.sys 0x76E00000 \Windows\System32\ntdll.dll 0x10000000 \DAEMON Tools Lite\daemon.dll Processes (total 72): 0 System Idle Process 4 System 508 C:\Windows\System32\smss.exe 596 csrss.exe 648 C:\Windows\System32\wininit.exe 660 csrss.exe 692 
C:\Windows\System32\services.exe 720 C:\Windows\System32\lsass.exe 732 C:\Windows\System32\lsm.exe 892 C:\Windows\System32\svchost.exe 936 C:\Windows\System32\nvvsvc.exe 964 C:\Windows\System32\svchost.exe 1064 C:\Windows\System32\svchost.exe 1096 C:\Windows\System32\svchost.exe 1112 C:\Windows\System32\svchost.exe 1168 C:\Windows\System32\audiodg.exe 1196 C:\Windows\System32\SLsvc.exe 1244 C:\Windows\System32\svchost.exe 1328 C:\Windows\System32\winlogon.exe 1408 C:\Windows\System32\svchost.exe 1556 C:\Windows\System32\wlanext.exe 1652 C:\Windows\System32\rundll32.exe 1756 C:\Windows\System32\spoolsv.exe 1764 C:\Windows\System32\taskeng.exe 2028 C:\Windows\System32\svchost.exe 584 C:\Windows\System32\dwm.exe 1440 C:\Windows\explorer.exe 1804 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 724 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe 2060 C:\Program Files\Bonjour\mDNSResponder.exe 2080 C:\Windows\System32\svchost.exe 2108 C:\Program Files\Intel\WiFi\bin\EvtEng.exe 2232 C:\Program Files\ICQ6Toolbar\ICQ Service.exe 2324 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe 2372 C:\Windows\System32\svchost.exe 2400 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 2432 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe 2624 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 2764 C:\Windows\System32\svchost.exe 2776 C:\Windows\System32\StkCSrv.exe 2832 C:\Windows\System32\svchost.exe 2880 C:\Windows\System32\SearchIndexer.exe 3212 C:\Windows\System32\taskeng.exe 3248 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe 3256 C:\Windows\System32\taskeng.exe 3308 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe 3328 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe 3464 C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe 3648 WmiPrvSE.exe 3832 C:\Windows\RtHDVCpl.exe 3848 C:\Windows\ehome\ehtray.exe 4012 
C:\Windows\ehome\ehmsas.exe 1512 C:\Program Files\Windows Media Player\wmpnscfg.exe 2872 C:\Program Files\Windows Media Player\wmpnetwk.exe 2276 C:\Windows\System32\wbem\unsecapp.exe 3120 C:\Windows\System32\wuauclt.exe 3784 C:\Program Files\Mozilla Firefox\firefox.exe 4080 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE 528 C:\Program Files\ICQ7.2\ICQ.exe 436 C:\Program Files\Skype\Phone\Skype.exe 4212 C:\Program Files\Skype\Plugin Manager\skypePM.exe 6132 C:\Program Files\Mozilla Firefox\plugin-container.exe 4780 C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe 5956 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe 4776 C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe 5388 C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe 1964 C:\Windows\System32\SearchProtocolHost.exe 3644 C:\Windows\System32\SearchFilterHost.exe 5004 dllhost.exe 5252 dllhost.exe 4628 C:\Users\\Desktop\MBRCheck.exe 3976 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000 (NTFS) PhysicalDrive0 Model Number: FUJITSUMHZ2320BHG2, Rev: 00000009 Size Device Name MBR Status -------------------------------------------- 298 GB \\.\PhysicalDrive0 Unknown MBR code SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2 Found non-standard or infected MBR. Enter 'Y' and hit ENTER for more options, or 'N' to exit: Options: [1] Dump the MBR of a physical disk to file. [2] Restore the MBR of a physical disk with a standard boot code. [3] Exit. Enter your choice: Done! |
12.05.2011, 14:21 | #10 |
/// Malware-holic | Assessment of OTL log Is that a device with a recovery partition? |
12.05.2011, 14:26 | #11 |
| Assessment of OTL log Uhm, no idea... how do I find that out? |
12.05.2011, 14:27 | #12 |
/// Malware-holic | Assessment of OTL log It's fine, I found out; the MBR seems OK. What other problems are there with the PC? |
12.05.2011, 14:53 | #13 |
| Assessment of OTL log None at all, it runs flawlessly. Can you recommend anything for protecting myself well and permanently against Trojans like this? |
12.05.2011, 15:25 | #14 |
/// Malware-holic | Assessment of OTL log Yep, here we go. Service Pack 2 for Vista: Details page, Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465). Internet Explorer 9: Internet Explorer - Microsoft Windows. Windows Update: Microsoft Windows Update; install updates here until there are no new ones left. Download/install Windows updates automatically: Turning automatic updates on or off, so that your system always stays up to date from now on. Report back when you are done. |
12.05.2011, 17:00 | #15 |
| Assessment of OTL log Did everything except install IE9. I work with Firefox. It's supposed to be better than IE, or is that not true? Should I do anything else? |